Subject: Re: /etc/security and duplicate user IDs
To: Jukka Salmi <j+nbsd@2007.salmi.ch>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 03/22/2007 14:42:59

Well, if the reports are reporting as a security issue something you did
intentionally that's not a security issue (for you), then they're not
correct.

But this seems pretty simple to resolve. Due to the root/toor thing, we
already have special-case code to deal with a duplicate user account
(and even a comment saying how you can enable or disable it). Just
changing the script to ignore a list of "ok duplicate user IDs" pulled
from a variable in /etc/security.conf, with 1 as the default value,
would fix this in quite a nice way.

cjs
-- 
Curt Sampson            <cjs@cynic.net>             +81 90 7737 2974
   The power of accurate observation is commonly called cynicism
   by those who have not got it.    --George Bernard Shaw

On Wed, 21 Mar 2007, Jukka Salmi wrote:

> Hi,
>
> to prevent login troubles in case of shell problems I added another
> entry to the password file, reusing my main user account's UID, GID,
> etc. but specifying another shell (/bin/sh); this setup imitates what
> toor does for the root account.
>
> This works fine. However, /etc/security now reports:
>
> 	/etc/master.passwd has duplicate user id's.
> 	jukka 1010      akkuj 1010
>
> 	Checking home directories.
> 	user akkuj home directory is owned by jukka
>
> 	Checking dot files.
> 	user akkuj .cshrc file is owned by jukka
> 	user akkuj .k5login file is owned by jukka
> 	[...]
>
> Hmm, while these reports are correct (of course), I wonder if there's
> really a problem with such a setup. In case there's not, /etc/security
> should probably be fixed.
>
> Any comments?
>
>
> TIA, Jukka
>
>
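
One way to implement the allow-list check proposed in the reply above, as an added example that is not part of the original message or of NetBSD's /etc/security script. The function names `find_dup_uids` and `sample_passwd` are hypothetical, the allow-list is passed as an argument where the proposal would read it from a variable in /etc/security.conf, and the sample master.passwd lines (including the alice/bob pair) are constructed.

```shell
#!/bin/sh
# find_dup_uids "UID UID ..." < master.passwd
# Prints "<uid> <name> <name> ..." for every UID shared by more than
# one account, except UIDs on the allow-list given as $1.
find_dup_uids() {
    awk -F: -v ok="$1" '
        BEGIN {
            n = split(ok, a, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                # Accept numeric entries only: a typo such as "root"
                # would otherwise evaluate to 0 and hide duplicate UID 0.
                if (a[i] ~ /^[0-9]+$/) allowed[a[i] + 0] = 1
        }
        /^[#+-]/ || NF < 3 { next }   # comments, NIS entries, short lines
        $3 !~ /^[0-9]+$/   { next }   # malformed UID field
        {
            uid = $3 + 0              # "0010" and "10" are the same UID
            if (uid in names) names[uid] = names[uid] " " $1
            else              names[uid] = $1
            count[uid]++
        }
        END {
            for (uid in count)
                if (count[uid] > 1 && !(uid in allowed))
                    print uid, names[uid]
        }
    ' | sort -n
}

# Constructed sample in master.passwd(5) field order (UID is field 3).
sample_passwd() {
    cat <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
jukka:*:1010:1010::0:0:Jukka:/home/jukka:/bin/csh
akkuj:*:1010:1010::0:0:Jukka (sh):/home/jukka:/bin/sh
alice:*:1011:1011::0:0:Alice:/home/alice:/bin/sh
bob:*:1011:1011::0:0:Bob:/home/bob:/bin/sh
EOF
}

# root/toor and the intentional jukka/akkuj pair are allow-listed;
# only the unexpected alice/bob collision is reported.
sample_passwd | find_dup_uids "0 1010"
```

The home-directory and dot-file ownership checks quoted in the report compare file owners against login names, so they would need the same allow-list applied separately to stay quiet for an intentional duplicate.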